o
    ©D®fù  ã                   @   s2   d dl Z d dlmZ d dlmZ G dd„ dƒZdS )é    N)Ú	to_native)Újwtc                   @   sX   e Zd ZdZdZddd„Zedd„ ƒZed	d
„ ƒZddd„Z	ddd„Z
		ddd„ZdS )ÚJWTBearerTokenGeneratora#  A JSON Web Token formatted bearer token generator for jwt-bearer grant type.
    This token generator can be registered into authorization server::

        authorization_server.register_token_generator(
            'urn:ietf:params:oauth:grant-type:jwt-bearer',
            JWTBearerTokenGenerator(private_rsa_key),
        )

    In this way, we can generate the token into JWT format. And we don't have to
    save this token into database, since it will be short time valid. Consider to
    rewrite ``JWTBearerGrant.save_token``::

        class MyJWTBearerGrant(JWTBearerGrant):
            def save_token(self, token):
                pass

    :param secret_key: private RSA key in bytes, JWK or JWK Set.
    :param issuer: a string or URI of the issuer
    :param alg: ``alg`` to use in JWT
    i  NÚRS256c                 C   s   || _ || _|| _d S ©N)Ú
secret_keyÚissuerÚalg)Úselfr   r   r	   © r   úU/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7523/token.pyÚ__init__   s   
z JWTBearerTokenGenerator.__init__c                 C   s   |r|   |¡}|S r   )Úget_allowed_scope)ÚclientÚscoper   r   r   r   "   s   
z)JWTBearerTokenGenerator.get_allowed_scopec                 C   s   |   ¡ S )z¯Return user's ID as ``sub`` value in token payload. For instance::

            @staticmethod
            def get_sub_value(user):
                return str(user.id)
        )Úget_user_id)Úuserr   r   r   Úget_sub_value(   s   z%JWTBearerTokenGenerator.get_sub_valuec                 C   sV   |   ||¡}tt ¡ ƒ}||||| | ¡ dœ}| jr | j|d< |r)|  |¡|d< |S )N)r   Ú
grant_typeÚiatÚexpÚ	client_idÚissÚsub)r   ÚintÚtimeÚget_client_idr   r   )r
   r   r   Ú
expires_inr   r   Ú	issued_atÚdatar   r   r   Úget_token_data2   s   û
z&JWTBearerTokenGenerator.get_token_datac           	      C   sV   |s| j }|  |||||¡}tjd| ji|| jdd}dt|ƒ|dœ}|r)||d< |S )a€  Generate a bearer token for OAuth 2.0 authorization token endpoint.

        :param client: the client that making the request.
        :param grant_type: current requested grant_type.
        :param user: current authorized user.
        :param expires_in: if provided, use this value as expires_in.
        :param scope: current requested scope.
        :return: Token dict
        r	   F)ÚkeyÚcheckÚBearer)Ú
token_typeÚaccess_tokenr   r   )ÚDEFAULT_EXPIRES_INr    r   Úencoder	   r   r   )	r
   r   r   r   r   r   Ú
token_datar%   Útokenr   r   r   ÚgenerateB   s   
ýz JWTBearerTokenGenerator.generateTc                 C   s   |   |||||¡S r   )r*   )r
   r   r   r   r   r   Úinclude_refresh_tokenr   r   r   Ú__call__Z   s   z JWTBearerTokenGenerator.__call__)Nr   )NN)NNN)NNNT)Ú__name__Ú
__module__Ú__qualname__Ú__doc__r&   r   Ústaticmethodr   r   r    r*   r,   r   r   r   r   r      s    



	
ÿr   )r   Úauthlib.common.encodingr   Úauthlib.joser   r   r   r   r   r   Ú<module>   s    